Return-Path: X-Original-To: apmail-db-derby-user-archive@www.apache.org Delivered-To: apmail-db-derby-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3366E9717 for ; Mon, 16 Apr 2012 02:24:42 +0000 (UTC) Received: (qmail 87849 invoked by uid 500); 16 Apr 2012 02:24:41 -0000 Delivered-To: apmail-db-derby-user-archive@db.apache.org Received: (qmail 87820 invoked by uid 500); 16 Apr 2012 02:24:41 -0000 Mailing-List: contact derby-user-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Reply-To: "Derby Discussion" Delivered-To: mailing list derby-user@db.apache.org Received: (qmail 87812 invoked by uid 99); 16 Apr 2012 02:24:41 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Apr 2012 02:24:41 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of trejkaz@trypticon.org designates 74.125.82.50 as permitted sender) Received: from [74.125.82.50] (HELO mail-wg0-f50.google.com) (74.125.82.50) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 16 Apr 2012 02:24:35 +0000 Received: by wgbds12 with SMTP id ds12so4681544wgb.31 for ; Sun, 15 Apr 2012 19:24:13 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type :x-gm-message-state; bh=J2Ln7lg6ApLNG4w7bbf/p0EGfGKy0df7lX/UnxehZ+c=; b=Okk9urr+escDqcOTZoN/jGamutsMG9cN1jviWvgZVEk6o2jahYfMKPPYoP0Loq1gaH fMEBn/lRQCe6lVZnEe2BFT+K60jeW5eS+OP5ZzGbO+b7z6yx38GEXDl5wu0AangXhGoj tMan9mWnV+bNNNwg2Op/5CZju6PE08tIjYNvmEWN1CJO6yd77EFhfntRf/OPstcoPDK2 cr8oWcI7b5TWJrBYhsPety1CRYiT5CRhHtsrWdmNzPDmH0ONG+rxXDq3QqhqaaXnjSSj jHgxEN5Pmf/P/eqpAxI8VlW8PvBgO09FS/yx057stQxSGNzobe4d6gqiMQ37BntVGNJ3 zY7Q== Received: by 10.180.104.231 with SMTP id gh7mr7597729wib.10.1334543053783; Sun, 15 Apr 2012 19:24:13 -0700 (PDT) Received: from mail-wg0-f50.google.com (mail-wg0-f50.google.com [74.125.82.50]) by mx.google.com with ESMTPS id l5sm16388620wia.11.2012.04.15.19.24.11 (version=SSLv3 cipher=OTHER); Sun, 15 Apr 2012 19:24:12 -0700 (PDT) Received: by wgbds12 with SMTP id ds12so4681525wgb.31 for ; Sun, 15 Apr 2012 19:24:11 -0700 (PDT) MIME-Version: 1.0 Received: by 10.216.135.106 with SMTP id t84mr5897782wei.74.1334543051295; Sun, 15 Apr 2012 19:24:11 -0700 (PDT) Received: by 10.180.100.170 with HTTP; Sun, 15 Apr 2012 19:24:11 -0700 (PDT) Date: Mon, 16 Apr 2012 12:24:11 +1000 Message-ID: Subject: User authorisation From: Trejkaz To: Derby Discussion Content-Type: text/plain; charset=UTF-8 X-Gm-Message-State: ALoCoQkPCJTY8yWHl4TVhdFYRvlskY/SbvRVKqn/aLDPc0GHZhq/eSDJeNdWhdN3zBVn4r/YN7Q8 X-Virus-Checked: Checked by ClamAV on apache.org Hi all. We are using a custom UserAuthenticator to integrate Derby into our own user database. At the moment, this custom UserAuthenticator is also doing the job of tracking who can open which database. So of course when we deny someone because they don't have access, the error message they get is along the lines of "incorrect username or password". Is there something like a UserAuthoriser which would be more appropriate for this task? I see that there is a lot of documentation about permissions in the Derby documentation but all the docs I can find seem to tie into JVM security, which we're deliberately not using for performance reasons. We only want the coarsest level of security where we can control who can connect to which database. TX